Creating Trust by Abolishing Hierarchies
Software is going through a trust crisis. Privileged code is no longer trusted and processes insufficiently protect user code from unverified libraries. While usually treated separately, confidential computing and program compartmentalization are both symptoms of the same problem, deeply rooted in hierarchical commodity systems: privileged software's monopoly over isolation. This paper proposes a separation of powers: to decouple trust and isolation from privilege hierarchies. It introduces an isolation monitor, which delivers verifiable isolation, confidentiality, and integrity to all software, independent of existing system abstractions and privilege hierarchies. Tyche, our prototype isolation monitor, runs on commodity hardware without relying on complex and emerging hardware security extensions. It enables any software component to create, compose, and nest isolation abstractions, including user and kernel sandboxes, enclaves, as well as confidential virtual machines.
2023
New York, NY, United States
979-8-4007-0195-5
7
231
238
REVIEWED
EPFL
| Event name | Event place | Event date |
| --- | --- | --- |
| | Providence, RI, USA | June 22 - 24, 2023 |